gnutls-commit

[SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-62-gb8f7dab


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-62-gb8f7dab
Date: Fri, 22 Jan 2010 21:38:09 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=b8f7dabbb9572a5b49bc5d003b09a5a3cf742d83

The branch, master has been updated
       via  b8f7dabbb9572a5b49bc5d003b09a5a3cf742d83 (commit)
       via  1ced4c4d68cf335cf859040940a79569ba71cef1 (commit)
       via  2a10542bf8f7cfbd5e6a4b17c8d502133da93fc5 (commit)
      from  514583bde2466b28c109c68225bbd51fb523a920 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b8f7dabbb9572a5b49bc5d003b09a5a3cf742d83
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Jan 22 22:36:23 2010 +0100

    Documented Steve Dispensa's patch addition.

commit 1ced4c4d68cf335cf859040940a79569ba71cef1
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Jan 22 22:27:35 2010 +0100

    Added tests for new behaviour of client.

commit 2a10542bf8f7cfbd5e6a4b17c8d502133da93fc5
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Jan 22 22:21:16 2010 +0100

    Revert "Always allow initial negotiation. Disable subsequent unsafe renegotiations."
    This reverts commit 1e4981cfbec360a19cfb7470ce96093aaa95b32e.
    
    Ah, this was to thwart the attack (description by Daniel Kahn Gillmor):
    The problem, as I understand it, is that the client is incapable of
    telling whether the plaintext prefix injection attack has already
    happened.  I don't think disabling renegotiation for the session
    resolves the problem.
    
    For a server which does not announce and enforce safe renegotiation,
    what the client sees as an initial connection may unknowingly actually
    be renegotiating an existing session that was started by an attacker.
    
    The concern isn't that the (legitimate) client will have their session
    re-negotiated by an attacker; it's that the MITM attacker can trick the
    server into viewing the client's initial authentication as a
    re-negotiation of a TLS session already underway.
    
    For servers which do odd things like apply the credentials of the
    post-renegotiation client to the traffic that happened before the
    renegotiation (e.g. HTTPS, with client-side certificates required only
    for certain subdirectories), a safe-renegotiation-aware client *should*
    refuse to connect to servers which do not announce safe renegotiation if
    they want to resist this attack.

-----------------------------------------------------------------------

Summary of changes:
 NEWS                             |   10 ++++++++++
 lib/gnutls_handshake.c           |    4 +++-
 tests/safe-renegotiation/testsrn |    8 ++++----
 3 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/NEWS b/NEWS
index 47bb5ba..10a775b 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,14 @@ See the end for copying conditions.
 
 * Version 2.9.10 (unreleased)
 
+** libgnutls: Added Steve Dispensa's patch for safe renegotiation
+(draft-ietf-tls-renegotiation) that solves the issue discussed in:
+http://www.ietf.org/mail-archive/web/tls/current/msg03928.html
+and http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
+Note however that the TLS client implemented here will reject
+any connections to unsafe servers unless the priority string
+%UNSAFE_RENEGOTIATION is specified.
+
 ** libgnutls: When checking openpgp self signature also check the signatures 
of all subkeys.                                                                 
                                            
 Ilari Liusvaara noticed and reported the issue and provided test vectors as 
well.
 
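Review bot: The added NEWS entry names %UNSAFE_RENEGOTIATION as the only way for a client to connect to a server without safe renegotiation, but test 11 in tests/safe-renegotiation/testsrn in this same push expects a client using %DISABLE_SAFE_RENEGOTIATION to connect to such a server as well. Suggest listing both priority strings, and replacing "unsafe servers" with "servers that do not announce safe renegotiation", since the rejection now applies to the first handshake and not only to rehandshakes.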
@@ -45,6 +53,8 @@ gnutls_hmac: Added
 gnutls_hmac_fast: Added
 gnutls_hmac_deinit: Added
 gnutls_hmac_output: Added
+gnutls_safe_negotiation_set_initial: Added
+gnutls_safe_renegotiation_set: Added
 
 * Version 2.9.9 (released 2009-11-09)
 
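Review bot: The two added symbols use different prefixes, gnutls_safe_negotiation_set_initial and gnutls_safe_renegotiation_set; please confirm the first is spelled the way the header exports it, or rename it before release so the pair can be found together. The API documentation should also say what "set_initial" still controls on the client side, since lib/gnutls_handshake.c in this push makes clients apply the renegotiation check to every handshake.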
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index fc9de23..c0bf83b 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -2428,7 +2428,9 @@ _gnutls_recv_hello (gnutls_session_t session, opaque * 
data, int datalen)
          return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
        }
 
-      if (session->internals.initial_negotiation_completed != 0)
+      /* Clients can't tell if it's an initial negotiation */
+      if (session->internals.initial_negotiation_completed ||
+         session->security_parameters.entity == GNUTLS_CLIENT)
        {
          if (session->internals.priorities.unsafe_renegotiation != 0)
            {
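Review bot: With the added `session->security_parameters.entity == GNUTLS_CLIENT` operand, the `priorities.unsafe_renegotiation` flag tested on the next line now also governs a client's first handshake, which its name does not suggest. The one-line comment should carry the reason from the commit message (against a server that does not announce safe renegotiation, what the client sees as an initial connection may be a renegotiation of a session started by an attacker), because this check was already relaxed once and had to be reverted. Minor style point: the new condition drops the explicit `!= 0` that the removed line and the following `if` both use.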
diff --git a/tests/safe-renegotiation/testsrn b/tests/safe-renegotiation/testsrn
index a926245..5e1b675 100755
--- a/tests/safe-renegotiation/testsrn
+++ b/tests/safe-renegotiation/testsrn
@@ -58,11 +58,11 @@ $SERV -p $PORT --echo --priority 
NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION --d
 # give the server a chance to initialize
 sleep 2
 
-$CLI -p $PORT localhost --rehandshake --priority NORMAL:+ANON-DH </dev/null 
>/dev/null 2>&1 && \
-  fail "9. Safe rehandshake should have failed!"
+$CLI -p $PORT localhost --priority NORMAL:+ANON-DH </dev/null >/dev/null 2>&1 
&& \
+  fail "9. Initial connection should have failed!"
 
-$CLI -p $PORT localhost --rehandshake --priority 
NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION </dev/null >/dev/null 2>&1 || \
-  fail "10. Unsafe rehandshake should have succeeded!"
+$CLI -p $PORT localhost --priority NORMAL:+ANON-DH:%UNSAFE_RENEGOTIATION 
</dev/null >/dev/null 2>&1 || \
+  fail "10. Unsafe connection should have succeeded!"
 
 $CLI -p $PORT localhost --priority NORMAL:+ANON-DH:%DISABLE_SAFE_RENEGOTIATION 
</dev/null >/dev/null 2>&1 || \
   fail "11. Unsafe negotiation should have succeeded!"
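Review bot: Tests 9 and 10 replace the `--rehandshake` cases instead of adding to them, so nothing in this hunk still exercises a client rehandshake against the %DISABLE_SAFE_RENEGOTIATION server; consider keeping a rehandshake case with %UNSAFE_RENEGOTIATION alongside the new initial-connection cases. Test 9 also only checks that $CLI exits non-zero with all output sent to /dev/null, so it passes just as well when the server is not yet listening after `sleep 2`; checking the client's error output for the safe renegotiation failure would make the assertion specific.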


hooks/post-receive
-- 
GNU gnutls



